In the Lawful Interception scenario, where the Communication Content, CC, is captured and delivered to the LEA, Law Enforcement Agencies, for the purpose of investigating specified “crimes”, the network operator revenues aren't growing nearly as fast as bandwidth usage.
Nevertheless, LEA demand performance, security and data integrity and network operators are making substantial investments to upgrade the capacity and performance of their networks because the growth of bandwidth usage impact the network's ability to ensure quality for all intercepted services.
Investments in the Interception Domain leave the operator at a competitive disadvantage but they also need to focus on controlling costs and so they are forced to use more-intelligently mechanism to manage the traffic on their networks in this domain.
FIG. 1 shows the standardized interfaces for LI.
FIG. 1 is a block diagram of an exemplary Lawful Interception, LI, system 110 and network 10 according to prior art. Said system and network comprises a number of entities. The exemplary LI system comprises a Law Enforcement Management Function, LEMF, 12 for requesting LI services of the LI system and collecting the intercepted information of Intercepting Access Points, IAPs, 20 in the system. The system shall provide access to the intercepted Content of Communications, CC, and Intercept Related Information, IRI, of a target and services related to the target on behalf of one or more Law Enforcement Agencies, LEAs 80. A target is a person of interest and/or user equipment possessed or used by the person of interest being surveyed by the LEA. An intercept request, also denoted Request for LI activation, is sent through a first Handover Interface, HI1, located between the Law Enforcement Management Function 12 and an Intercept Mediation and Delivery Unit, IMDU, 14 comprising a Mediation Function, MF, 16 and an Administration Function, ADMF, 18. Said Mediation Function 16 and Administration Function 18 generate based on said received request a warrant comprising said one or more target identities, and sends said warrant towards an Intercept Control Element, ICE, in an Interception Access Point, IAP, 20 via an interface denoted X1_1. The IAP 20 may be connected to a node of a network, e.g. the Internet, a 3GMS (third generation Mobile Communications System), an Evolved Packet System (EPS) etc, from which it intercepts said Content of Communications and Intercept Related Information of a mobile target. Said CC and IRI are network related data. As reference to the standard model, the content of communication is intercepted in the IAP network node and it is based upon duplication of target communication payload without modification. The IAP sends IRI raw data via an interface X2 to a Delivery Function for IRI reporting, DF2, 22 and a Mediation Function of IRI, MF2, 24 that generates and delivers to a collection functionality a standardized IRI report based on the received IRI report. Said standardized IRI report is sent over a standardized interface HI2 to the LEMF 12. The IAP 20 also sends CC raw data via an interface X3 to a Delivery Function for CC reporting, DF3, 26 and a Mediation Function of IRI, MF3, 28 which generates and delivers to a collection functionality a standardized CC report based on the received CC report. Said standardized CC report is sent over a standardized interface HI3 to the requesting LEMF 12. The ADMF entity 16 controls and communicates with the Mediation Function and Delivery Function for IRI reporting, MF2/DF2, via the interface X1_2 and the Mediation Function and Delivery Function for CC, MF3/DF3, via the interface X1_3.
Together with the delivery functions it is used to hide from the third generation (3G) Intercepting Access Point IAP entities that there might be multiple activations by different Lawful Enforcement Agencies on the same target.
The HI2 and HI3-interfaces represent the interfaces between the LEA and two delivery functions. The delivery functions are used:                to distribute the Intercept Related Information (IRI) to the relevant LEA(s) via HI2;        to distribute the Content of Communication (CC) to the relevant LEA(s) via HI3.        
According to known internet access services, all the IP streams related to a given target is intercepted and delivered as a whole session data flow regardless any service used within an interception session.
In the example in FIG. 1, the IAP 20 is connected to, or contained within a user plane gateway, PGW, in a node 140 in a CN 115. The IAP may be connected to any type of user plane gateway, e.g. SGW, PGW and GGSN. The same interfaces are also used for control plane nodes like MME and HLR/HSS. Streams of content flow through the user plane gateway in both directions to the UE and from the UE. In one direction, content may come from any site within the CN or any site 119 in a connected communications network 117, e.g. LAN, WLAN, WAN, RAN, etc. The flow passes the (S)Gi interface connected to the user plane gateway. LI is therefore possible to perform. The flow passes an interface S5 between the PGW node 140 and a SGW node 150, and through an interface S1-U between the SGW node 150 and a RAN/eNB 160 comprising one or more radio base stations, e.g. eNB. The radio base station forwards the content flow via the air interface LTE-Uu to the designated UE 170.
In the other direction, flow of packets comprising content generated by the UE passes the same interfaces, nodes and gateways. When passing the IAP entity, LI is performed.
As described above, a network shall provide access to the intercepted CC and the IRI of the mobile target and services related to the target, e.g. Call Forwarding, on behalf of LEAs. The LEA provides the intercept request, e.g. lawful authorization or warrant to the Communication Service Provider, CSP. The intercept request identifies, at a minimum, the target, the type of intercept i.e., IRI-only, or IRI and CC that is authorized, the authorized period for interception, and the LEA delivery address(-es) for the intercepted information.
The CSP shall securely administer the intercept (e.g., to activate, deactivate, show, or list targets) within the network as quickly as possible. The CSP's administration function shall use appropriate authentication and audit procedures.
As shown, the mediation function sends CC towards LEA over HI3 interface. The HI3 interface is based on Transmission Control Protocol, TCP, in order to ensure data integrity. The data integrity is guaranteed by the acknowledged mechanism of transmitted data, i.e. reliability of TCP protocol. According this mechanism, the receiver is able to confirm the receiving of single TCP packets or cumulative TCP stream through an ACK message towards the sender. Any not acknowledged packet/stream represents a lost packet/stream and then is retransmitted. The same happens for corrupted packets. The acknowledged mechanism assures the data integrity but represents an evident overhead for the communication.
Most of IAP uses an X3 interface based on User Datagram Protocol, UDP, protocol meanwhile the HI3 interface is based on TCP. In this case the TCP acknowledged mechanism represents the price to pay, in term of bandwidth usage, in order to have data integrity. Considering the increment of multimedia flows, e.g. video streaming, VoIP, etc., between the mediation function and LEA the HI3 interface may become a bottleneck.